Perceptive Security
SOC/SIEM Consultancy

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
Published:
24 April 2026 at 07:24:00
Alert date:
24 April 2026 at 09:01:04
Source:
thehackernews.com
Emerging Technologies, Zero-Day Vulnerabilities, Critical Infrastructure
A high-severity Server-Side Request Forgery (SSRF) vulnerability in LMDeploy, an open-source toolkit for compressing, deploying, and serving Large Language Models (LLMs), has been actively exploited in the wild within 13 hours of its public disclosure. The vulnerability, tracked as CVE-2026-33626 with a CVSS score of 7.5, could allow attackers to access sensitive data through server-side request forgery attacks. The rapid exploitation demonstrates the critical nature of this security flaw and the speed at which threat actors can weaponize newly disclosed vulnerabilities.
Technical details
A Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module allows attackers to fetch arbitrary URLs without validating internal/private IP addresses. The vulnerable load_image() function in lmdeploy/vl/utils.py can be exploited to access cloud metadata services, internal networks, and sensitive resources. Attackers used the vision-language image loader as a generic HTTP SSRF primitive to port-scan internal networks, target AWS IMDS and Redis instances, test egress with out-of-band DNS callbacks, and enumerate API surfaces. The attack unfolded over 10 distinct requests across three phases, switching between different vision language models to avoid detection.
Mitigation steps:
Apply security patches for LMDeploy and the affected WordPress plugins immediately.
Monitor for SSRF exploitation attempts targeting internal networks, cloud metadata services, and port-scanning activity.
Implement proper input validation for URL-fetching functions.
Secure internet-exposed industrial control systems and PLCs.
Monitor for unusual network-scanning patterns and out-of-band DNS requests.
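The technical details above describe the root cause (an image loader that fetches arbitrary URLs without checking for internal or private addresses), and the mitigation steps call for proper input validation on URL-fetching functions. The following is an added example of such a check, written for this page and not taken from LMDeploy or the advisory. It assumes a hypothetical server-side image loader that accepts a user-supplied URL; the hostnames in FAKE_DNS and the injectable resolver are constructed so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Added example (not LMDeploy's own code): a hardened URL check for a
# server-side image loader. It rejects non-HTTP schemes, embedded credentials,
# and any hostname or literal that maps to a loopback, private, link-local
# (which includes the 169.254.169.254 cloud metadata endpoint), multicast or
# otherwise non-global address.

ALLOWED_SCHEMES = {"http", "https"}


def is_blocked_ip(ip_text: str) -> bool:
    """True if the address must never be fetched on behalf of a client."""
    addr = ipaddress.ip_address(ip_text)
    # An IPv4-mapped IPv6 literal such as ::ffff:127.0.0.1 is really IPv4;
    # classify the embedded IPv4 address rather than the IPv6 wrapper.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (not addr.is_global) or addr.is_multicast


def validate_image_url(url: str, resolver=socket.getaddrinfo) -> list[str]:
    """Return the sorted addresses the URL maps to, or raise ValueError.

    `resolver` takes (host, port, proto=...) and returns getaddrinfo-shaped
    tuples; it is injectable so the check can be exercised without DNS.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username or parsed.password:
        raise ValueError("credentials embedded in URL are not allowed")
    host = parsed.hostname
    if not host:
        raise ValueError("URL has no host")

    # Literal addresses are classified directly; everything else is resolved
    # and *every* returned record is checked, because one internal record
    # among public ones (split-horizon DNS, rebinding) is enough for SSRF.
    try:
        ipaddress.ip_address(host)
        addrs = {host}
    except ValueError:
        try:
            records = resolver(host, parsed.port or 80, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            # Fail closed: an unresolvable name is never fetched.
            raise ValueError(f"cannot resolve {host!r}: {exc}") from None
        addrs = {rec[4][0] for rec in records}
    if not addrs:
        raise ValueError(f"no addresses for {host!r}")
    for ip_text in addrs:
        if is_blocked_ip(ip_text):
            raise ValueError(f"{host!r} maps to non-routable address {ip_text}")
    return sorted(addrs)


def is_safe_image_url(url: str, resolver=socket.getaddrinfo) -> bool:
    """Boolean wrapper around validate_image_url for call sites that only gate."""
    try:
        validate_image_url(url, resolver=resolver)
        return True
    except ValueError:
        return False


# Constructed DNS table standing in for real resolution so the example runs offline.
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],            # public record only
    "rebind.example": ["93.184.216.34", "10.0.0.5"],    # public plus an internal record
    "metadata.example": ["169.254.169.254"],            # alias for the cloud metadata IP
}


def constructed_resolver(host, port, proto=socket.IPPROTO_TCP):
    """Constructed stand-in for socket.getaddrinfo backed by FAKE_DNS."""
    ips = FAKE_DNS.get(host)
    if ips is None:
        raise socket.gaierror(f"no record for {host!r}")
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (ip, port)) for ip in ips]


if __name__ == "__main__":
    for url in ("https://images.example.com/cat.png",
                "http://169.254.169.254/latest/meta-data/",
                "http://rebind.example/cat.png",
                "http://[::ffff:127.0.0.1]/"):
        verdict = "allowed" if is_safe_image_url(url, constructed_resolver) else "blocked"
        print(f"{url:45} -> {verdict}")
```

Validation alone is not the whole fix: the fetcher that follows this check should connect to the address that was validated rather than resolving the name a second time (otherwise a DNS rebinding window remains), should not follow HTTP redirects automatically (each hop needs the same check), and should enforce a timeout and a response size limit so the loader cannot be used to probe or exhaust internal services.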
Affected products:
LMDeploy (versions 0.12.0 and earlier with vision-language support)
WordPress Ninja Forms File Upload Plugin
WordPress Breeze Cache Plugin
Modbus-enabled programmable logic controllers (PLCs)
Related links:
https://github.com/InternLM/lmdeploy
https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq
https://www.sysdig.com/blog/cve-2026-33626-how-attackers-exploited-lmdeploy-llm-inference-engines-in-12-hours
https://www.wordfence.com/blog/2026/04/attackers-actively-exploiting-critical-vulnerability-in-ninja-forms-file-upload-plugin/
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/breeze/breeze-cache-244-unauthenticated-arbitrary-file-upload-via-fetch-gravatar-from-remote
https://www.catonetworks.com/blog/global-campaign-discovered-with-modbus-plcs-targeted/
Related CVEs:
Related threat actors:
IOCs:
103.116.72[.]119, requestrepo[.]com, 127.0.0[.]1
This article was created with the assistance of AI technology by Perceptive.
